New Mirai-Based Botnet Exploits Zero-Day Vulnerabilities in Industrial and Smart Devices

by | Jan 8, 2025 | News




Join our Patreon Channel and Gain access to 70+ Exclusive Walkthrough Videos.

Patreon
Reading Time: 3 Minutes

A sophisticated Mirai-based botnet is leveraging zero-day exploits and custom vulnerabilities to compromise industrial routers and smart home devices. First observed in February 2024, this botnet has rapidly evolved, exploiting both n-day and zero-day flaws, including a critical vulnerability, CVE-2024-12856, in Four-Faith industrial routers.

Emerging Exploitation Activity

Researchers from Chainxin X Lab reported that exploitation of CVE-2024-12856 began in late December 2024, shortly after its discovery by VulnCheck. This vulnerability, combined with custom exploits for flaws in Neterbit routers and Vimar smart home devices, has expanded the botnet’s infection capabilities.

Botnet Profile

The botnet, whose name contains offensive language, is built on a Mirai-based framework and maintains an average of 15,000 active daily bot nodes across the following countries:

  • China
  • United States
  • Russia
  • Turkey
  • Iran

Key Features:

  • Attack Objectives: Primarily used for DDoS attacks targeting hundreds of entities daily. Activity peaked in October and November 2024.
  • Propagation Mechanism: Combines public and private exploits for over 20 vulnerabilities to infect diverse devices.
  • Brute Force Module: Targets devices with weak Telnet passwords.
  • Custom Malware Attributes: Implements Mirai-like commands, uses custom UPX packing, and scans for additional vulnerabilities across networks.

Targeted countriesTargeted countries
Source: X Lab

See Also: So, you want to be a hacker?
Offensive Security, Bug Bounty Courses




Discover your weakest link. Be proactive, not reactive. Cybercriminals need just one flaw to strike.

Targeted Devices and Vulnerabilities

The botnet exploits vulnerabilities in a wide range of devices, including:

Device TypeExploits Used
ASUS routersN-day exploits
Huawei routersCVE-2017-17215
Neterbit routersCustom exploit
LB-Link routersCVE-2023-26801
Four-Faith routersCVE-2024-12856 (zero-day)
PZT camerasCVE-2024-8956, CVE-2024-8957
Kguard DVRsRemote code execution vulnerabilities
Lilin DVRsRCE exploits
Vimar smart home devicesLikely undisclosed vulnerabilities
5G/LTE devicesWeak credentials and misconfigurations

The botnet actively infects DVRs, routers, and smart home devices, further highlighting the vulnerabilities present in internet-exposed systems.

DDoS Attack Characteristics

X Lab’s telemetry revealed that the botnet’s DDoS attacks are:

  • Short in Duration: Lasting between 10-30 seconds.
  • High in Intensity: Surpassing 100 Gbps of traffic, capable of disrupting even robust infrastructures.
  • Global in Reach: Attack targets span China, the US, Germany, the UK, and Singapore, affecting various industries.

Attack volumesBotnet attack volumes
Source: X Lab




Mitigation Recommendations

To defend against this botnet, users should:

  1. Install Updates: Apply the latest firmware updates to patch known vulnerabilities.
  2. Replace EOL Devices: Upgrade end-of-life devices to models receiving regular security updates.
  3. Secure Configurations:
    • Change default credentials to strong, unique passwords.
    • Disable unnecessary remote access interfaces.
  4. Network Monitoring: Use intrusion detection systems to identify anomalous behavior.

Are u a security researcher? Or a company that writes articles about Cyber Security, Offensive Security (related to information security in general) that match with our specific audience and is worth sharing? If you want to express your idea in an article contact us here for a quote: [email protected]

Source: bleepingcomputer.com

Source Link

Merch

Recent News

EXPLORE OUR STORE

Offensive Security & Ethical Hacking Course

Begin the learning curve of hacking now!


Information Security Solutions

Find out how Pentesting Services can help you.


Join our Community

Share This